📝 docs: update NextAuth references in documentation

- Update Casdoor doc links from next-auth/casdoor to providers/casdoor - Remove /next-auth/* route reference from ENABLE_AUTH_PROTECTION description
🔥 chore: remove NextAuth legacy code after Better Auth migration
2026-06-14 11:40:07 +00:00 · 2026-01-27 13:37:26 +08:00 · 2026-01-27 13:37:26 +08:00 · 2026-01-27 13:36:24 +08:00
23 changed files with 92 additions and 74 deletions
@@ -479,13 +479,9 @@ Regardless of which database you choose, LobeHub can provide you with an excelle

 ### [Support Multi-User Management][docs-feat-auth]

-LobeHub supports multi-user management and provides two main user authentication and management solutions to meet different needs:
+LobeHub supports multi-user management and provides flexible user authentication solutions:

- **next-auth**: LobeHub integrates `next-auth`, a flexible and powerful identity verification library that supports multiple authentication methods, including OAuth, email login, credential login, etc. With `next-auth`, you can easily implement user registration, login, session management, social login, and other functions to ensure the security and privacy of user data.
-
- [**Clerk**](https://go.clerk.com/exgqLG0): For users who need more advanced user management features, LobeHub also supports `Clerk`, a modern user management platform. `Clerk` provides richer functions, such as multi-factor authentication (MFA), user profile management, login activity monitoring, etc. With `Clerk`, you can get higher security and flexibility, and easily cope with complex user management needs.
-
-Regardless of which user management solution you choose, LobeHub can provide you with an excellent user experience and powerful functional support.
+- **Better Auth**: LobeHub integrates `Better Auth`, a modern and flexible authentication library that supports multiple authentication methods, including OAuth, email login, credential login, magic links, and more. With `Better Auth`, you can easily implement user registration, login, session management, social login, multi-factor authentication (MFA), and other functions to ensure the security and privacy of user data.

 <div align="right">

@@ -461,8 +461,6 @@ LobeHub 支持多用户管理，提供了灵活的用户认证方案：

 - **Better Auth**：LobeHub 集成了 `Better Auth`，一个现代化且灵活的身份验证库，支持多种身份验证方式，包括 OAuth、邮件登录、凭证登录、魔法链接等。通过 `Better Auth`，您可以轻松实现用户的注册、登录、会话管理、社交登录、多因素认证 (MFA) 等功能，确保用户数据的安全性和隐私性。

- **next-auth**：LobeHub 还支持 `next-auth`，一个广泛使用的身份验证库，具有丰富的 OAuth 提供商支持和灵活的会话管理选项。
-
 <div align="right">

 [![][back-to-top]](#readme-top)
@@ -99,7 +99,6 @@ services:
      - 'AUTH_SSO_PROVIDERS=logto'
      - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ='
      - 'AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg'
-      - 'NEXTAUTH_URL=http://localhost:${LOBE_PORT}/api/auth'
      - 'AUTH_LOGTO_ISSUER=http://localhost:${LOGTO_PORT}/oidc'
      - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}'
      - 'S3_ENDPOINT=http://localhost:${MINIO_PORT}'
@@ -1,5 +1,5 @@
 # Required: LobeChat domain for tRPC calls
-# Ensure this domain is whitelisted in your NextAuth providers and S3 service CORS settings
+# Ensure this domain is whitelisted in your SSO providers and S3 service CORS settings
 APP_URL=http://localhost:3210

 # Postgres related environment variables
@@ -8,8 +8,7 @@ KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=
 # Required: Postgres database connection string
 DATABASE_URL=postgresql://postgres:uWNZugjBqixf8dxC@postgresql:5432/lobechat

-# NEXT_AUTH related environment variables
-NEXTAUTH_URL=http://localhost:3210/api/auth
+# Authentication related environment variables
 AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg
 AUTH_SSO_PROVIDERS=zitadel
 # ZiTADEL provider configuration
@@ -7,8 +7,7 @@ KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=
 # Postgres 数据库连接字符串
 DATABASE_URL=postgresql://postgres:uWNZugjBqixf8dxC@postgresql:5432/lobechat

-# NEXT_AUTH 相关
-NEXTAUTH_URL=http://localhost:3210/api/auth
+# 鉴权相关
 AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg
 AUTH_SSO_PROVIDERS=zitadel
 # ZiTADEL 鉴权服务提供商部分
@@ -1,5 +1,5 @@
 # Required: LobeChat domain for tRPC calls
-# Ensure this domain is whitelisted in your NextAuth providers and S3 service CORS settings
+# Ensure this domain is whitelisted in your SSO providers and S3 service CORS settings
 APP_URL=https://lobe.example.com/

 # Postgres related environment variables
@@ -10,18 +10,16 @@ KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=
 # If using Docker, you can use the container name as the host
 DATABASE_URL=postgresql://postgres:uWNZugjBqixf8dxC@postgresql:5432/lobe

-# NEXT_AUTH related environment variables
-# Supports auth0, Azure AD, GitHub, Authentik, Zitadel, Logto, etc.
-# For supported providers, see: https://lobehub.com/docs/self-hosting/advanced/auth#next-auth
-# If you have ACCESS_CODE, please remove it. We use NEXT_AUTH as the sole authentication source
-# Required: NextAuth secret key. Generate with: openssl rand -base64 32
+# Authentication related environment variables
+# Supports Auth0, Azure AD, GitHub, Authentik, Zitadel, Logto, etc.
+# For supported providers, see: https://lobehub.com/docs/self-hosting/advanced/auth
+# If you have ACCESS_CODE, please remove it. We use Better Auth as the sole authentication source
+# Required: Auth secret key. Generate with: openssl rand -base64 32
 AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg
 # Required: Specify the authentication provider (e.g., Logto)
 AUTH_SSO_PROVIDERS=logto
-# Required: NextAuth URL for callbacks
-NEXTAUTH_URL=https://lobe.example.com/api/auth

-# NextAuth providers configuration (example using Logto)
+# SSO providers configuration (example using Logto)
 # For other providers, see: https://lobehub.com/docs/self-hosting/environment-variables/auth
 AUTH_LOGTO_ID=YOUR_LOGTO_ID
 AUTH_LOGTO_SECRET=YOUR_LOGTO_SECRET
@@ -1,5 +1,5 @@
 # 必填，LobeChat 域名，用于 tRPC 调用
-# 请保证此域名在你的 NextAuth 鉴权服务提供商、S3 服务商的 CORS 白名单中
+# 请保证此域名在你的 SSO 鉴权服务提供商、S3 服务商的 CORS 白名单中
 APP_URL=https://lobe.example.com/

 # Postgres 相关，也即 DB 必需的环境变量
@@ -9,18 +9,16 @@ KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=
 # 格式：postgresql://username:password@host:port/dbname，如果你的 pg 实例为 Docker 容器且位于同一 docker-compose 文件中，亦可使用容器名作为 host
 DATABASE_URL=postgresql://postgres:uWNZugjBqixf8dxC@postgresql:5432/lobe

-# NEXT_AUTH 相关，也即鉴权服务必需的环境变量
-# 可以使用 auth0、Azure AD、GitHub、Authentik、Zitadel、Logto 等，如有其他接入诉求欢迎提 PR
-# 目前支持的鉴权服务提供商请参考：https://lobehub.com/zh/docs/self-hosting/advanced/auth#next-auth
-# 如果你有 ACCESS_CODE，请务必清空，我们以 NEXT_AUTH 作为唯一鉴权来源
-# 必填，用于 NextAuth 的密钥，可以使用 openssl rand -base64 32 生成
+# 鉴权服务必需的环境变量
+# 可以使用 Auth0、Azure AD、GitHub、Authentik、Zitadel、Logto 等，如有其他接入诉求欢迎提 PR
+# 目前支持的鉴权服务提供商请参考：https://lobehub.com/zh/docs/self-hosting/advanced/auth
+# 如果你有 ACCESS_CODE，请务必清空，我们以 Better Auth 作为唯一鉴权来源
+# 必填，用于鉴权的密钥，可以使用 openssl rand -base64 32 生成
 AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg
 # 必填，指定鉴权服务提供商，这里以 Logto 为例
 AUTH_SSO_PROVIDERS=logto
-# 必填，NextAuth 的 URL，用于 NextAuth 的回调
-NEXTAUTH_URL=https://lobe.example.com/api/auth

-# NextAuth 鉴权服务提供商部分，以 Logto 为例
+# SSO 鉴权服务提供商部分，以 Logto 为例
 # 其他鉴权服务提供商所需的环境变量，请参考：https://lobehub.com/zh/docs/self-hosting/environment-variables/auth
 AUTH_LOGTO_ID=YOUR_LOGTO_ID
 AUTH_LOGTO_SECRET=YOUR_LOGTO_SECRET
@@ -1,5 +1,5 @@
 # Required: LobeChat domain for tRPC calls
-# Ensure this domain is whitelisted in your NextAuth providers and S3 service CORS settings
+# Ensure this domain is whitelisted in your SSO providers and S3 service CORS settings
 APP_URL=https://lobe.example.com/

 # Postgres related environment variables
@@ -10,10 +10,8 @@ KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=
 # If using Docker, you can use the container name as the host
 DATABASE_URL=postgresql://postgres:uWNZugjBqixf8dxC@postgresql:5432/lobe

-# NEXT_AUTH related environment variables
-# Required: NextAuth URL for callbacks
-NEXTAUTH_URL=https://lobe.example.com/api/auth
-# Required: NextAuth secret key. Generate with: openssl rand -base64 32
+# Authentication related environment variables
+# Required: Auth secret key. Generate with: openssl rand -base64 32
 AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg
 # Required: Specify the authentication provider
 AUTH_SSO_PROVIDERS=zitadel
@@ -1,5 +1,5 @@
 # 必填，LobeChat 域名，用于 tRPC 调用
-# 请保证此域名在你的 NextAuth 鉴权服务提供商、S3 服务商的 CORS 白名单中
+# 请保证此域名在你的 SSO 鉴权服务提供商、S3 服务商的 CORS 白名单中
 APP_URL=https://lobe.example.com/

 # Postgres 相关，也即 DB 必需的环境变量
@@ -9,10 +9,8 @@ KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=
 # 格式：postgresql://username:password@host:port/dbname，如果你的 pg 实例为 Docker 容器且位于同一 docker-compose 文件中，亦可使用容器名作为 host
 DATABASE_URL=postgresql://postgres:uWNZugjBqixf8dxC@postgresql:5432/lobe

-# NEXT_AUTH 相关，也即鉴权服务必需的环境变量
-# 必填，NextAuth 的 URL，用于 NextAuth 的回调
-NEXTAUTH_URL=https://lobe.example.com/api/auth
-# 必填，用于 NextAuth 的密钥，可以使用 openssl rand -base64 32 生成
+# 鉴权服务必需的环境变量
+# 必填，用于鉴权的密钥，可以使用 openssl rand -base64 32 生成
 AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg
 # 必填，指定鉴权服务提供商
 AUTH_SSO_PROVIDERS=zitadel
@@ -152,7 +152,19 @@ Send emails via SMTP protocol, suitable for users with existing email services.

 ### Common Configuration

-Before using NextAuth, please set the following variables in LobeHub's environment variables:
+Before using Better Auth, please set the following variables in LobeHub's environment variables:
+
+## Email Verification
+
+Enable email verification to ensure users own the email addresses they register with (off by default):
+
+| Environment Variable      | Type     | Description                                                       |
+| ------------------------- | -------- | ----------------------------------------------------------------- |
+| `AUTH_EMAIL_VERIFICATION` | Optional | Set to `1` to require email verification after registration       |
+
+<Callout type={'info'}>
+  Email verification requires a working email service (SMTP or Resend) configured above. When enabled, users must verify their email address before they can sign in.
+</Callout>

 ## Magic Link (Passwordless) Login

@@ -200,6 +212,10 @@ Set the `AUTH_ALLOWED_EMAILS` environment variable with a comma-separated list o
 - Allow only `example.com` domain: `AUTH_ALLOWED_EMAILS=example.com`
 - Allow multiple domains and specific emails: `AUTH_ALLOWED_EMAILS=example.com,company.org,admin@other.com`

+<Callout type={'info'}>
+  Note: `AUTH_ALLOWED_EMAILS` only restricts which email addresses can register, but does not verify email ownership. If you need to ensure users actually own the email address they register with, set `AUTH_EMAIL_VERIFICATION=1` to require email verification. This requires configuring an email service (SMTP).
+</Callout>
+
 ## Additional Features

 ### Webhook Support
@@ -152,7 +152,19 @@ LobeHub 与 Clerk 做了深度集成，能够为用户提供一个更加安全

 ### 通用配置

-在使用 NextAuth 之前，请先在 LobeHub 的环境变量中设置以下变量：
+在使用 Better Auth 之前，请先在 LobeHub 的环境变量中设置以下变量：
+
+## 邮箱验证
+
+启用邮箱验证以确保用户拥有其注册的邮箱地址（默认关闭）：
+
+| 环境变量                      | 类型 | 描述                        |
+| ------------------------- | -- | ------------------------- |
+| `AUTH_EMAIL_VERIFICATION` | 可选 | 设置为 `1` 以要求注册后进行邮箱验证      |
+
+<Callout type={'info'}>
+  邮箱验证需要上方已配置好的邮件服务（SMTP 或 Resend）。启用后，用户必须验证其邮箱地址才能登录。
+</Callout>

 ## 魔法链接（免密）登录

@@ -201,6 +213,10 @@ Better Auth 支持内置提供商（Google、GitHub、Microsoft、Apple、AWS Co
 - 只允许 `example.com` 域名：`AUTH_ALLOWED_EMAILS=example.com`
 - 允许多个域名和特定邮箱：`AUTH_ALLOWED_EMAILS=example.com,company.org,admin@other.com`

+<Callout type={'info'}>
+  注意：`AUTH_ALLOWED_EMAILS` 仅限制哪些邮箱地址可以注册，但不会验证邮箱所有权。如果需要确保用户确实拥有其注册的邮箱地址，请设置 `AUTH_EMAIL_VERIFICATION=1` 以启用邮箱验证。这需要配置邮件服务（SMTP）。
+</Callout>
+
 ### Webhook 支持

 允许 LobeHub 在身份提供商中用户信息更新时接收通知。支持的提供商包括 Casdoor 和 Logto。请参考具体提供商文档进行配置。
@@ -211,4 +227,4 @@ Better Auth 支持内置提供商（Google、GitHub、Microsoft、Apple、AWS Co

 ## 其他 SSO 提供商

-请参考 [NextAuth.js](https://next-auth.js.org/providers) 文档，欢迎提交 Pull Request。
+请参考 [Auth.js](https://authjs.dev/getting-started/authentication/oauth) 文档，欢迎提交 Pull Request。
@@ -351,6 +351,10 @@ When configuring SSO connections (e.g., GitHub in Auth0), make sure to enable **

 For identity providers like Casdoor or Logto, users may not have an email configured.

+<Callout type={'warning'}>
+  **Note for Casdoor Users**: Casdoor does not require users to have an email configured, but LobeChat strongly depends on email for authentication. If you find migration difficult due to many users without email addresses, we recommend staying on [v2.0.0-next.344](https://github.com/lobehub/lobe-chat/releases/tag/v2.0.0-next.344) for now. We plan to provide a self-service migration feature in the future, where users without email will be redirected to a bind-email page when they log in.
+</Callout>
+
 Solution:

 1. First configure the Webhook in LobeChat to sync user data from the identity provider:
@@ -345,6 +345,10 @@ npx tsx scripts/nextauth-to-betterauth/verify.ts

 对于 Casdoor、Logto 等身份提供商，用户可能没有配置邮箱。

+<Callout type={'warning'}>
+  **Casdoor 用户注意**：Casdoor 不要求用户必须配置邮箱，但 LobeChat 强依赖邮箱进行身份认证。如果因为大量用户没有邮箱而感觉迁移困难，建议暂时停留在 [v2.0.0-next.344](https://github.com/lobehub/lobe-chat/releases/tag/v2.0.0-next.344) 版本。后续官方计划提供用户端自助迁移功能，届时没有邮箱的用户登录时会被重定向到绑定邮箱页面。
+</Callout>
+
 解决方案：

 1. 先在 LobeChat 中配置身份提供商的 Webhook 以同步用户数据：
@@ -193,7 +193,7 @@ SSRF_ALLOW_IP_ADDRESS_LIST=192.168.1.100,10.0.0.50
 ### `ENABLE_AUTH_PROTECTION`

 - Type: Optional
- Description: Controls whether to enable route protection. When set to `1`, all routes except public routes (like `/api/auth`, `/next-auth/*`, `/login`, `/signup`) will require authentication. When set to `0` or not set, only specific protected routes (like `/settings`, `/files`) will require authentication.
+- Description: Controls whether to enable route protection. When set to `1`, all routes except public routes (like `/api/auth`, `/login`, `/signup`) will require authentication. When set to `0` or not set, only specific protected routes (like `/settings`, `/files`) will require authentication.
 - Default: `0`
 - Example: `1` or `0`

@@ -188,7 +188,7 @@ SSRF_ALLOW_IP_ADDRESS_LIST=192.168.1.100,10.0.0.50
 ### `ENABLE_AUTH_PROTECTION`

 - 类型：可选
- 说明：控制是否启用路由保护。当设置为 `1` 时，除了公共路由（如 `/api/auth`、`/next-auth/*`、`/login`、`/signup`）外，所有路由都需要认证。当设置为 `0` 或未设置时，只有特定的受保护路由（如 `/settings`、`/files` 等）需要认证。
+- 说明：控制是否启用路由保护。当设置为 `1` 时，除了公共路由（如 `/api/auth`、`/login`、`/signup`）外，所有路由都需要认证。当设置为 `0` 或未设置时，只有特定的受保护路由（如 `/settings`、`/files` 等）需要认证。
 - 默认值：`0`
 - 示例：`1` 或 `0`

@@ -188,7 +188,7 @@ The script supports the following deployment modes; please choose the appropriat
  <Callout type="warning">
    If your service can accessed via the public network,
    we strongly recommend disabling the registration,
-    refer to the [documentation](https://lobehub.com/docs/self-hosting/advanced/auth/next-auth/casdoor)
+    refer to the [documentation](https://lobehub.com/docs/self-hosting/advanced/auth/providers/casdoor)
    for more information.
  </Callout>
 </Steps>
@@ -304,7 +304,7 @@ The script supports the following deployment modes; please choose the appropriat
  <Callout type="warning">
    If your service can accessed via the public network,
    we strongly recommend disabling the registration,
-    refer to the [documentation](https://lobehub.com/docs/self-hosting/advanced/auth/next-auth/casdoor)
+    refer to the [documentation](https://lobehub.com/docs/self-hosting/advanced/auth/providers/casdoor)
    for more information.
  </Callout>
 </Steps>
@@ -177,7 +177,7 @@ bash <(curl -fsSL https://lobe.li/setup.sh) -l zh_CN
  你可以通过 `http://your_server_ip:3210` 访问你的 LobeHub 服务。应用的账号密码在步骤`2`的报告中。

  <Callout type="warning">
-    请注意，如果你的服务能够被公网访问，我们强烈建议你参考 [文档](https://lobehub.com/docs/self-hosting/advanced/auth/next-auth/casdoor) 关闭注册功能。
+    请注意，如果你的服务能够被公网访问，我们强烈建议你参考 [文档](https://lobehub.com/zh/docs/self-hosting/advanced/auth/providers/casdoor) 关闭注册功能。
  </Callout>
 </Steps>

@@ -286,7 +286,7 @@ bash <(curl -fsSL https://lobe.li/setup.sh) -l zh_CN
  你可以通过 `https://lobe.example.com` 访问你的 LobeHub 服务。应用的账号密码在步骤`3`的报告中。

  <Callout type="warning">
-    请注意，如果你的服务能够被公网访问，我们强烈建议你参考 [文档](https://lobehub.com/docs/self-hosting/advanced/auth/next-auth/casdoor) 关闭注册功能。
+    请注意，如果你的服务能够被公网访问，我们强烈建议你参考 [文档](https://lobehub.com/zh/docs/self-hosting/advanced/auth/providers/casdoor) 关闭注册功能。
  </Callout>
 </Steps>

@@ -100,7 +100,7 @@ export interface UserInitializationState {
  username?: string;
 }

-export const NextAuthAccountSchame = z.object({
+export const OAuthAccountSchema = z.object({
  provider: z.string(),
  providerAccountId: z.string(),
 });
@@ -110,7 +110,7 @@ export const NextAuthAccountSchame = z.object({
 */
 export interface SSOProvider {
  email?: string;
-  /** Expiration time - Date for better-auth, number (Unix timestamp) for next-auth */
+  /** Expiration time - Date for better-auth */
  expiresAt?: Date | number | null;
  provider: string;
  providerAccountId: string;
@@ -185,6 +185,22 @@ const DEPRECATED_CHECKS = [
      'Microsoft Entra ID provider has been renamed to Microsoft. Please update your environment variables.',
    name: 'Microsoft Entra ID',
  },
+  {
+    docUrl: MIGRATION_DOC_BASE,
+    getVars: () => {
+      const hasEmailService =
+        process.env['SMTP_HOST'] || process.env['EMAIL_SERVICE_PROVIDER'] === 'resend';
+      const hasEmailVerification = process.env['AUTH_EMAIL_VERIFICATION'] === '1';
+      if (hasEmailService && !hasEmailVerification) {
+        return ['AUTH_EMAIL_VERIFICATION'];
+      }
+      return [];
+    },
+    message:
+      'Email service is configured but email verification is disabled. Consider setting AUTH_EMAIL_VERIFICATION=1 to verify user email ownership during registration.',
+    name: 'Email Verification',
+    severity: 'warning',
+  },
 ];

 /**
@@ -58,14 +58,6 @@ describe('createRouteMatcher', () => {
      expect(matcher(createMockRequest('/trpc/chat.create'))).toBe(true);
    });

-    it('should match /next-auth/(.*) pattern', () => {
-      const matcher = createRouteMatcher(['/next-auth/(.*)']);
-
-      expect(matcher(createMockRequest('/next-auth/'))).toBe(true);
-      expect(matcher(createMockRequest('/next-auth/signin'))).toBe(true);
-      expect(matcher(createMockRequest('/next-auth/callback/github'))).toBe(true);
-      expect(matcher(createMockRequest('/next-auth'))).toBe(false); // no trailing slash or path
-    });
  });

  describe('multiple patterns', () => {
@@ -17,12 +17,6 @@ const createCaller = createCallerFactory(appRouter);
 let ctx: AuthContext;
 let router: ReturnType<typeof createCaller>;

-vi.mock('@/libs/next-auth/edge', () => {
-  return {
-    auth: vi.fn().mockResolvedValue(undefined),
-  };
-});
-
 beforeEach(async () => {
  vi.resetAllMocks();
 });
@@ -36,7 +36,6 @@ export const config = {
    '/verify-email(.*)',
    '/reset-password(.*)',
    '/auth-error(.*)',
-    '/next-auth/(.*)',
    '/oauth(.*)',
    '/oidc(.*)',
    '/market-auth-callback(.*)',
@@ -13,12 +13,6 @@ const createCaller = createCallerFactory(configRouter);
 let ctx: AuthContext;
 let router: ReturnType<typeof createCaller>;

-vi.mock('@/libs/next-auth/edge', () => {
-  return {
-    auth: vi.fn().mockResolvedValue(undefined),
-  };
-});
-
 beforeEach(async () => {
  vi.resetAllMocks();
  ctx = await createContextInner();